Wikia has the strange permission thing — if you post anything, it becomes their property.

PbWiki didn't allowed me to upload HTML file like this:

<html><head><title></title></head><body>
abc bac
</body></html>

It claimed, that this is a spam and disabled file upload for 15 minutes for all pbwiki sites!

In the contrary Wikidot has many friendly features1 and have a totally different ads policy. Actually, they let YOU earn with their service. If you wish to display ads on your wiki, you get as much as 80% of what Google pays for them.

serving user-uploaded files. PHP checks whether you have right to see the file and then instructs the Lighttpd web server to serve the file to the user. We're using X-LIGHTTPD-sendfile for this purpose. Moreover we're now using a totally different domain for this: *.wdfiles.com, which prevents from JavaScripts attacks.

direct access to any code block inside wikis. Just append /code to the URL

Example codeblock, that is accessible with a custom URL:
http://piotr.gabryjeluk.pl/dev:a-lot/code

Moreover if you set the type of the code to html or css, Wikidot will serve the file with the proper MIME type which makes the codes usable as external style sheets or iframe destinations!

Unfortunately, it seems that our last approach (described here) to finally get the uploaded files right was not exactly possible. As authorization in Wikidot is based on cookies and sessions, they will not pass through cross-domain solution.

Allowing to read session_id from cookie in user uploaded HTMLs in not a good idea because of possible session spoofing.

So we designed an authorization mechanism that allows owner of a particular session browsing files from a certain wiki.

When a request to restricted user uploaded file (on the *.wdupload.wikidotsyndication.com domain) is performed, we will check if the cookie is set, then if it points to a valid session and if the user bound to the session is granted a permission to view the file.

If the auth cookie is not set, we'll redirect the browser to the *.wikidot.com site (which can read the original session-cookies) that will generate a unique key and redirect back to the original domain appending the unique key to the GET request. The original domain will then set the cookie and the access will be granted (or not).